This is another few NTFS related tools I'd like to share, and this time it's about the $Extended_Attribute. Basically it is yet another api to support compatibility backwards/sideways, primarily for os/2 origins. In short it is a bunch of name/value pairs, that apparanetly (lately) have been used for malicious purposes. Read more from the original text; http://code.google.c...sv/wiki/EaTools

Thus it is possible to hide data there and execute it (for those determined to do so).